Traffic does not pass over Site-to-Site VPN tunnel when choosing SHA-256 for IKE Phase 2 negotiation
Site-to-Site VPN negotiation succeeds; however, traffic does not flow over the tunnel.
The following log appears in SmartView Tracker (depending on the settings):
Changing the Phase 2 properties of the VPN Community to perform data integrity with any method other than SHA-256 resolves the issue (SmartDashboard - go to 'IPSec VPN' tab - open problematic Site-to-Site Community - go to 'Encryption' - in the section 'Encryption Suite', select 'Custom' - click on 'Advanced...' - in the section 'IPsec Security Association (Phase 2) Properties', refer to the field 'Perform data integrity with').
The status of SecureXL (enabled/disabled) on the VPN Gateways is not relevant.